[OmniOS-discuss] Switching to OpenSSH
Paul B. Henson
henson at acm.org
Mon Jul 15 19:59:37 UTC 2013
On 7/15/2013 11:31 AM, Eric Sproul wrote:
> from illumos-gate. I'm not sure what other obstacles may lurk there
> (integration with other major subsystems, like internationalization
> maybe.)
From what I recall, the differences between openssh and sunssh were:
* privilege separation (I don't think there's any technical reason why
one approach works better on Solaris than the other, or that one
couldn't be dropped in to replace the other, it was more a matter of the
Sun folk at the time didn't like the openssh approach)
* locale - sunssh supports language negotiation as defined in RFC 4253,
I'm not sure if openssh does yet
* sunssh is integrated into the Solaris auditing framework
* sunssh uses the Solaris cryptographic framework rather than openssl,
which historically gave it access to hardware acceleration that openssh
didn't use, but I think openssl supports the same framework now
I think the only real killer would be the auditing support, if somebody
was leveraging that.
More information about the OmniOS-discuss
mailing list